Intrusion Detection for the IIot: How Do We Detect Threats on the Factory Floor

The Industrial IoT (IIoT) provides manufacturers in all industries with greater connectivity that in turn, generates valuable information and intelligence regarding operations. By leveraging this intelligence, they are able to attain significant efficiencies and manufacturing improvements.

However, this expanded network also opens up these newly connected devices to significant threats of cyber-attack. As industrial facilities become more connected, hackers are getting more sophisticated, resulting in greater vulnerabilities and increased risk of devastating cyber-attacks. Intrusion detection, the ability to detect when hackers begin probing devices, is a critical first step to building a secure IIoT.

IIoT vs. IT, a Security POV

Some question the difference between the IIoT and IT from a security POV, but they are different for several reasons. First, with IIoT, you have a much larger attack surface. There is a proliferation of connected devices and every new device brought onto the network is a target for hackers. Second, many of these devices are deployed outside of the current IT security perimeter. This creates significant new security challenges. Finally, many of the IIoT devices are embedded systems operating in the cyber-physical realm, which makes protection from cyber-attacks critical. Because they are embedded systems, they require new security solutions – traditional IT and PC security approaches won’t work on these specialized devices.

If an IT system is hacked the consequence is usually data loss. This can be significant and costly. However, if an IIoT system is hacked, the damage can be much more serious, even life threatening. The power grid can go down, flights can be grounded, production lines can be shut down, machines can go out of control, and real physical damage can occur. For example, a blast furnace was damaged in Germany due to a cyber-attack. This caused significant financial loss and could have caused injury or loss-of-life.

Intrusion Detection

Intrusion Detection Solutions (IDS) for IIoT need to be customized to the nature of the devices. Small devices with limited resources need a solution tailored to the types of attacks they are likely to experience without overwhelming the limited memory and computing resources of the device. At the same time, the sophistication of the Intrusion Detection Solution must scale up to support more powerful gateway and control systems. As a result, it is necessary to build a scalable framework that can support a wide range of devices and can be easily customized based on the needs of the individual device or network. In all cases, the key is to monitor for, detect, and quickly report anomalous traffic. This requires integration with a security management system where IDS events can be sent and viewed by a human (or potentially an AI engine) to determine if the anomalous events indicate a cyber-attack.

Changing Attacks

To keep up with the current attacks and all aspects of cyber-security countermeasures requires a team of experts. Today, many OEMs are designating an internal cyber-security champion to work with outside experts and cybersecurity firms to coordinate their solutions and ensure they are staying current and building appropriate solutions. One of the key elements to a robust solution includes using a hardware platform with hardware security elements as a foundation and implementing secure firmware updates so devices can be updated as security patches become available.

Conclusion

Attackers are becoming more sophisticated over time. They are learning about new vulnerabilities and developing automated attack tools to exploit those vulnerabilities. There are cybercriminals who build and sell these attack tools, making them available to anyone willing to pay for them. Unfortunately, there are a large number of bad actors with the motivation and means to launch sophisticated cyber-attacks. They have made millions stealing data from IT networks and they are beginning to turn their efforts towards IoT devices and networks.

About Alan Grau
Alan Grau is President and co-founder of Icon Labs, a leading provider of security software for IoT and embedded devices. He is the architect of Icon Labs' award winning Floodgate Firewall. Icon Labs was named a 2014 Gartner “Cool Vendor” and 2015 Gartner “Select Vendor”, and is focused on creating The Internet of Secure Things by providing security for even the smallest IoT devices.

Alan has 25 years’ experience in telecommunications and embedded software marketplace. On December 29, 1992 Alan co-founded Icon Labs, an embedded systems software development company whose clients include Motorola, Lucent Technologies, Intel and Tellabs. Prior to founding Icon Labs he worked for AT&T Bell Labs and Motorola. Alan has an MS in computer science from Northwestern University.

About Icon LabsIcon Labs, a 2014 Gartner “Cool Vendor” and 2015 Gartner “Select Vendor”, is a leading provider of security solutions for IoT and embedded device, including the award winning Floodgate Defender and Floodgate Security Framework. Founded in 1992, Icon Labs is headquartered in West Des Moines, Iowa.

The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow

Post A Comment

Featured Product

ICOMold is a plastic injection molding company that has been manufacturing low-cost, high-quality custom plastic injection molding for customers worldwide in a variety of industries since 2003. We provide an instant quote for your plastic injection molding project, and we have a very fast turnaround time. We have a large selection of materials and colors to choose from, and provide services like insert molding and overmolding. Our setup charges are very low, and our production molds are backed by our Lifetime Warranty.